thr3ads.net - Secure testing team - [Secure-testing-commits] r5450

If this information is useful, please help other people find it:
Share via:

Stefan Fritsch

2007-Feb-13 19:07 UTC

[Secure-testing-commits] r5450 - data/CVE

Author: stef-guest
Date: 2007-02-13 19:07:27 +0100 (Tue, 13 Feb 2007)
New Revision: 5450

Modified:
   data/CVE/list
Log:
remove all traces of firefox (actually I think this is a bug in the tracker)


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-02-13 16:22:00 UTC (rev 5449)
+++ data/CVE/list	2007-02-13 18:07:27 UTC (rev 5450)
@@ -2897,7 +2897,6 @@
 	NOT-FOR-US: Vortex Blog
 CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly
...)
 	- iceweasel 2.0.0.1+dfsg-1
-	- firefox <removed>
 	TODO: check iceape, sarge''s firefox
 CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1
allow ...)
 	NOT-FOR-US: italkplus (Italk+)
@@ -3103,7 +3102,6 @@
 	- iceweasel 2.0.0.1+dfsg-1 (high)
 	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
-	- firefox <removed> (high)
 	NOTE: Flaw was introduced in Firefox 1.5.0.4
 	- icedove 1.5.0.9.dfsg1-1 (high)
 CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9,
Thunderbird ...)
@@ -3112,7 +3110,6 @@
 	- iceweasel 2.0.0.1+dfsg-1 (high)
 	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
-	- firefox <removed> (high)
 	- mozilla <removed> (high)
 	- mozilla-firefox <removed> (high)
 	- mozilla-thunderbird <removed> (high)
@@ -3123,7 +3120,6 @@
 	- iceweasel 2.0.0.1+dfsg-1 (high)
 	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
-	- firefox <removed> (high)
 	- mozilla <removed> (high)
 	- mozilla-firefox <removed> (high)
 	- mozilla-thunderbird <removed> (unimportant)
@@ -3135,7 +3131,6 @@
 	- iceweasel 2.0.0.1+dfsg-1 (high)
 	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
-	- firefox <removed> (high)
 	- mozilla <removed> (high)
 	- mozilla-firefox <removed> (high)
 	- mozilla-thunderbird <removed> (low)
@@ -3145,7 +3140,6 @@
 	- iceweasel <not-affected> (windows only)
 	- xulrunner <not-affected> (Windows only)
 	- iceape <not-affected> (windows only)
-	- firefox <not-affected> (windows only)
 	- mozilla <not-affected> (windows only)
 	- mozilla-firefox <not-affected> (windows only)
 	- mozilla-thunderbird <not-affected> (windows only)
@@ -3156,7 +3150,6 @@
 	- iceweasel 2.0.0.1+dfsg-1 (high)
 	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
-	- firefox <removed> (high)
 	- mozilla <removed> (high)
 	- mozilla-firefox <removed> (high)
 	- mozilla-thunderbird <removed> (low)
@@ -3169,7 +3162,6 @@
 	- iceweasel 2.0.0.1+dfsg-1 (high)
 	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
-	- firefox <removed> (high)
 	- mozilla <removed> (high)
 	- mozilla-firefox <removed> (high)
 	- mozilla-thunderbird <removed> (low)
@@ -3180,7 +3172,6 @@
 	- iceweasel 2.0.0.1+dfsg-1 (medium)
 	- xulrunner 1.8.0.9-1 (medium)
 	- iceape 1.0.7-1 (medium)
-	- firefox <removed> (medium)
 	- mozilla <removed> (medium)
 	- mozilla-firefox <removed> (medium)
 	- mozilla-thunderbird <removed> (low)
@@ -4793,14 +4784,12 @@
 CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in
...)
 	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
 	NOTE: MFSA-2006-65
-	- firefox <removed> (high)
 	- iceweasel 2.0+dfsg-1 (high)
 	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (high)
 	- xulrunner 1.8.0.8-1 (high)
 CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8,
...)
 	NOTE: MFSA-2006-65
-	- firefox <removed> (high)
 	- iceweasel 2.0+dfsg-1 (high)
 	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (medium)
@@ -5053,7 +5042,6 @@
 CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in
phpProfiles 2.1 ...)
 	NOT-FOR-US: phpProfiles
 CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote
attackers ...)
-	- firefox <removed> (unimportant)
 	- iceweasel <unfixed> (unimportant)
 	- icedove <unfixed> (unimportant)
 	- mozilla <unfixed> (unimportant)
@@ -5424,7 +5412,6 @@
 CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in
Mozilla ...)
 	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
 	NOTE: MFSA-2006-65
-	- firefox <removed> (low)
 	- iceweasel 2.0+dfsg-1 (low)
 	- icedove 1.5.0.8-1 (low)
 	- mozilla <unfixed> (low)
@@ -5432,7 +5419,6 @@
 CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8,
...)
 	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
 	NOTE: MFSA-2006-67
-	- firefox <removed> (high)
 	- iceweasel 2.0+dfsg-1 (high)
 	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (high)
@@ -5442,7 +5428,6 @@
 	NOTE: MFSA-2006-66
 	NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
 	NOTE: the fixes for CVE-2006-4340 were incomplete
-	- firefox <removed> (high)
 	- iceweasel 2.0+dfsg-1 (high)
 	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (high)
@@ -6102,7 +6087,6 @@
 CVE-2006-5161 (IBM Client Security Password Manager stores and distributes
saved ...)
 	NOT-FOR-US: IBM
 CVE-2006-5160 (** DISPUTED ** ...)
-	- firefox <not-affected> (no real issues)
 CVE-2006-5159 (** DISPUTED ** ...)
 	NOT-FOR-US: Bogus Firefox issue
 CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux
kernel ...)
@@ -7375,7 +7359,6 @@
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	NOTE: MFSA-2006-64
 	- mozilla <unfixed> (high)
-	- firefox 1.5.dfsg+1.5.0.7-1 (high)
 	- thunderbird 1.5.0.7-1 (high)
 	- xulrunner 1.8.0.7-1 (high)
 CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5,
with ...)
@@ -7385,7 +7368,6 @@
 	- mozilla <unfixed>
 CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the
&quot;blocked ...)
 	NOTE: MFSA-2006-62
-	- firefox 1.5.dfsg+1.5.0.7-1 (low)
 	- xulrunner 1.8.0.7-1 (low)
 	- thunderbird 1.5.0.7-1
 	[sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5)
@@ -7393,12 +7375,10 @@
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	NOTE: MFSA-2006-61
 	- mozilla <unfixed> (low)
-	- firefox 1.5.dfsg+1.5.0.7-1 (low)
 	- xulrunner 1.8.0.7-1 (low)
 	- thunderbird 1.5.0.7-1
 CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7
makes it ...)
 	NOTE: MFSA-2006-58
-	- firefox 1.5.dfsg+1.5.0.7-1 (unimportant)
 	- thunderbird 1.5.0.7-1 (unimportant)
 	[sarge] - mozilla-firefox <unfixed> (unimportant)
 	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
@@ -7407,14 +7387,12 @@
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	NOTE: MFSA-2006-57
 	- mozilla <unfixed> (high)
-	- firefox 1.5.dfsg+1.5.0.7-1 (high)
 	- thunderbird 1.5.0.7-1 (low)
 	- xulrunner 1.8.0.7-1 (high)
 CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7,
...)
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	NOTE: MFSA-2006-57
 	- mozilla <unfixed> (high)
-	- firefox 1.5.dfsg+1.5.0.7-1 (high)
 	- xulrunner 1.8.0.7-1 (high)
 	- thunderbird 1.5.0.7-1 (low)
 CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in
Simple ...)
@@ -7425,7 +7403,6 @@
 	NOT-FOR-US: Symantec
 CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute
arbitrary ...)
 	- xulrunner <unfixed> (low)
-	- firefox 1.5.dfsg+1.5.0.7-1 (low)
 	- mozilla <unfixed> (low)
 	- mozilla-firefox <removed> (low)
 CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to
...)
@@ -7717,7 +7694,6 @@
 	NOT-FOR-US: Microsoft
 CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including
Mozilla ...)
 	- mozilla <unfixed> (low)
-	- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
 	- xulrunner <not-affected>
 	[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a
backport)
 CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a
denial ...)
@@ -7930,7 +7906,6 @@
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
 	- mozilla <unfixed> (high)
-	- firefox 1.5.dfsg+1.5.0.7-1 (high)
 	- thunderbird 1.5.0.7-1 (high)
 	- xulrunner 1.8.0.7-1 (high)
 CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before
0.9.8c, ...)
@@ -8015,7 +7990,6 @@
 	NOT-FOR-US: Sonium Enterprise Adressbook
 CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a
denial of ...)
 	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
-	- firefox <removed>
 	- iceweasel 2.0+dfsg-1
 	- mozilla <unfixed>
 	- mozilla-firefox <unfixed>
@@ -8140,7 +8114,6 @@
 CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier
...)
 	NOTE: MFSA-2006-59
 	- xulrunner 1.8.0.7-1 (medium)
-	- firefox 1.5.dfsg+1.5.0.7-1 (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.7-1 (low)
 	- mozilla-firefox <removed> (unimportant)
@@ -9139,7 +9112,6 @@
 	- mozilla <unfixed> (medium)
 	- xulrunner 1.8.0.5-1 (medium)
 	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
-	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird <unfixed> (unimportant)
 	[sarge] - mozilla-thunderbird <not-affected> (unimportant)
 CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
@@ -9148,7 +9120,6 @@
 	- mozilla <unfixed> (high)
 	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <removed> (high)
-	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird 1.5.0.5-1 (medium)
 	- mozilla-thunderbird <removed> (medium)
 CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5
before ...)
@@ -9157,7 +9128,6 @@
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
-	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird 1.5.0.5-1 (medium)
 CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
 	{DSA-1161 DSA-1160 DSA-1159}
@@ -9165,7 +9135,6 @@
 	- mozilla <unfixed> (medium)
 	- xulrunner 1.8.0.5-1 (medium)
 	- mozilla-firefox <removed> (medium)
-	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird 1.5.0.5-1 (medium)
 	- mozilla-thunderbird <removed> (medium)
 CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows
...)
@@ -9174,7 +9143,6 @@
 	- mozilla <unfixed> (medium)
 	- xulrunner 1.8.0.5-1 (medium)
 	- mozilla-firefox <removed> (medium)
-	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird 1.5.0.5-1
 CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
 	{DSA-1161 DSA-1160 DSA-1159}
@@ -9182,7 +9150,6 @@
 	- mozilla <unfixed> (high)
 	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <removed> (high)
-	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird 1.5.0.5-1 (medium)
 	- mozilla-thunderbird <removed> (medium)
 CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla
Firefox ...)
@@ -9191,7 +9158,6 @@
 	- mozilla <unfixed> (high)
 	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <removed> (high)
-	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird 1.5.0.5-1 (medium)
 	- mozilla-thunderbird <removed> (medium)
 CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5,
Thunderbird ...)
@@ -9200,7 +9166,6 @@
 	- mozilla <unfixed> (high)
 	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <removed> (high)
-	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird 1.5.0.5-1 (medium)
 	- mozilla-thunderbird <removed> (medium)
 CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5
and ...)
@@ -9215,7 +9180,6 @@
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
-	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird 1.5.0.5-1 (medium)
 	- mozilla-thunderbird <not-affected>
 CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
@@ -9223,7 +9187,6 @@
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner 1.8.0.5-1 (medium)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
-	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird 1.5.0.5-1 (medium)
 	- mozilla-thunderbird <not-affected>
 CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3
does not ...)
@@ -9231,7 +9194,6 @@
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
 	- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
 	- mozilla <not-affected> (mozilla 1.7 not affected)
-	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- xulrunner 1.8.0.5-1 (high)
 	- thunderbird 1.5.0.5-1 (medium)
 CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash
AFCommerce ...)
@@ -9396,7 +9358,6 @@
 CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System
(CS-MARS) ...)
 	NOT-FOR-US: CS-MARS
 CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted
...)
-	- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
 	[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
 CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP
SP2 ...)
 	NOT-FOR-US: MSIE
@@ -9512,7 +9473,6 @@
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
-	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <not-affected>
 	- mozilla-thunderbird <not-affected>
 CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006
allows remote ...)
@@ -10736,7 +10696,6 @@
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner 1.8.0.5-1 (high)
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
-	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird 1.5.0.5-1 (medium)
 	- mozilla-thunderbird <not-affected>
 CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...)
@@ -11477,45 +11436,38 @@
 CVE-2006-2788 (Double-free vulnerability in the getRawDER function for
nsIX509Cert in ...)
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	- mozilla <unfixed> (high)
-	- firefox 1.5.dfsg+1.5.0.4 (high)
 	- xulrunner 1.8.0.4-1 (high)
 CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4
allows ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-31
-	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- thunderbird 1.5.0.4-1 (medium)
 	- mozilla 2:1.7.13-0.3 (medium)
 	- xulrunner 1.8.0.4-1 (medium)
 CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and
...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-33
-	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- thunderbird 1.5.0.4-1 (medium)
 	- mozilla 2:1.7.13-0.3 (medium)
 	- xulrunner 1.8.0.4-1 (medium)
 CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-34
-	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- mozilla 2:1.7.13-0.3 (medium)
 	- xulrunner 1.8.0.4-1 (medium)
 CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4
allows ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-36
-	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- mozilla <unfixed> (medium)
 	- xulrunner 1.8.0.4-1 (medium)
 CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the
Unicode ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-42
-	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- thunderbird 1.5.0.4-1 (medium)
 	- mozilla 2:1.7.13-0.3 (medium)
 	- xulrunner 1.8.0.4-1 (medium)
 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-41
-	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- mozilla 2:1.7.13-0.3 (medium)
 	- xulrunner 1.8.0.4-1 (medium)
 CVE-2006-2781 (Double-free vulnerability in nsVCard.cpp in Mozilla Thunderbird
before ...)
@@ -11526,41 +11478,35 @@
 CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before
1.5.0.4 ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-32
-	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	- mozilla 2:1.7.13-0.3 (high)
 	- xulrunner 1.8.0.4-1 (high)
 CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote
attackers ...)
 	{DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-32
-	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	- mozilla 2:1.7.13-0.3 (high)
 	- xulrunner 1.8.0.4-1 (high)
 CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird
before ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-38
-	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	- mozilla 2:1.7.13-0.3 (high)
 	- xulrunner 1.8.0.4-1 (high)
 CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and
...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-43
-	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- mozilla 2:1.7.13-0.3 (high)
 	- xulrunner 1.8.0.4-1 (high)
 CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird
before ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-37
-	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	- mozilla 2:1.7.13-0.3 (high)
 	- xulrunner 1.8.0.4-1 (high)
 CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL
...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-35
-	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
 	- mozilla 2:1.7.13-0.3 (high)
 	- xulrunner 1.8.0.4-1 (high)
@@ -11672,7 +11618,6 @@
 CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows
remote ...)
 	NOT-FOR-US: PunBB
 CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers
to ...)
-	- firefox <removed> (unimportant)
 	- iceweasel <unfixed> (unimportant)
 	- mozilla <unfixed> (unimportant)
 	- mozilla-firefox <unfixed> (unimportant)
@@ -12556,7 +12501,6 @@
 	NOT-FOR-US: MyBB
 CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a
denial of ...)
 	NOTE: 1.5.dfsg+1.5.0.3-2 didn''t crash or do anything but stutter on
the sample pages, marking it fixed in there
-	- firefox 1.5.dfsg+1.5.0.3-2
 CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion
6.00.306 ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP
Server ...)
@@ -13386,7 +13330,6 @@
 	NOT-FOR-US: FlexBB
 CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows
remote ...)
 	{DSA-1055-1 DSA-1053-1}
-	- firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
 	- mozilla <unfixed> (high)
 	[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in
Thunderbird)
 CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
@@ -13468,7 +13411,6 @@
 CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before
1.5.0.4, ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-39
-	- firefox 1.5.dfsg+1.5.0.4-1 (low)
 	- thunderbird <not-affected> (Windows-specific)
 	- mozilla 2:1.7.13-0.3 (low)
 	- xulrunner <not-affected> (Windows-specific)
@@ -13575,7 +13517,6 @@
 	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
 CVE-2004-2657 (** DISPUTED ** ...)
 	- mozilla-firefox <not-affected>
-	- firefox <not-affected>
 CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and
2.5.1 ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in
jjgan852 ...)
@@ -13838,7 +13779,6 @@
 	NOT-FOR-US: QuickBlogger
 CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote
attackers to ...)
 	{DSA-1051-1 DSA-1046-1}
-	- firefox 1.5
 	- mozilla-firefox <not-affected> (problematic fix not backported into
1.0.4-2sarge5)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- thunderbird 1.5.0.2-1
@@ -13942,7 +13882,6 @@
 	NOT-FOR-US: JBook
 CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x
before ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
@@ -13952,69 +13891,59 @@
 	NOTE: clear if this bug is exploitable.
 CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (low)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
 	- mozilla 2:1.7.13-0.1 (low)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird
1.x ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before
1.5 and ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla
Suite ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (low)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
 	- mozilla 2:1.7.13-0.1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
 	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
 	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
 	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
@@ -14022,14 +13951,12 @@
 	- xulrunner 1.8.0.1-9
 CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before
1.5.0.2 ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (medium)
@@ -14039,7 +13966,6 @@
 	- xulrunner 1.8.0.1-9
 CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8,
Mozilla ...)
 	{DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
@@ -14047,7 +13973,6 @@
 	NOTE: Can likely be used to steal OpenSSH keys and the like.
 CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla <unfixed> (high)
 	- thunderbird 1.5.0.2-1 (medium)
@@ -14055,7 +13980,6 @@
 	- xulrunner 1.8.0.1-9
 CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (medium)
@@ -14064,17 +13988,14 @@
 	NOTE: If print preview (and this bug) can be triggered from JavaScript,
 	NOTE: the urgency should probably be raised.
 CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before
...)
-	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	- xulrunner 1.8.0.1-9
 	NOTE: New bug in Firefox 1.5.
 CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1
causes ...)
-	- firefox 1.5.dfsg+1.5.0.2-1 (low)
 	- xulrunner 1.8.0.1-9
 	NOTE: New bug in Firefox 1.5.
 CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
@@ -14084,7 +14005,6 @@
 	NOTE: default configuration.
 CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
 	{DSA-1051-1 DSA-1046-1}
-	- firefox 1.5.dfsg+1.5.0.2 (medium)
 	- mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
@@ -14598,7 +14518,6 @@
 	NOT-FOR-US: PHP Classifieds
 CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
 	{DSA-1046-1}
-	- firefox 1.5.0.2 (medium)
 	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
@@ -14608,7 +14527,6 @@
 	NOTE: default configuration.
 CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
 	{DSA-1046-1}
-	- firefox 1.5.0.2 (medium)
 	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
@@ -14618,7 +14536,6 @@
 	NOTE: default configuration.
 CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
 	{DSA-1046-1}
-	- firefox 1.5.0.2-1 (medium)
 	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
 	- thunderbird 1.5.0.2-1 (low)
 	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
@@ -15767,7 +15684,6 @@
 	{DSA-1051-1 DSA-1046-1}
 	- thunderbird 1.5.0.2-1
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
-	- firefox 1.5.dfsg+1.5.0.2-1
 	- xulrunner 1.8.0.1-9
 CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including
...)
 	NOT-FOR-US: LISTSERV
@@ -16123,7 +16039,6 @@
 	{DSA-1051-1 DSA-1046-1}
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- thunderbird 1.5.0.2-1
-	- firefox 1.5.dfsg+1.5.0.2-1
 	- xulrunner 1.8.0.1-9
 	- mozilla 2:1.7.13-0.1
 CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly
other ...)
@@ -16426,14 +16341,12 @@
 	NOT-FOR-US: supersmashbrothers
 CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before
1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2 (low)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
 	- mozilla 2:1.7.13-0.1 (low)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x
before ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (high)
@@ -16612,7 +16525,6 @@
 CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote
attackers to ...)
 	{DSA-1044-1}
 	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
-	- firefox 1.5.dfsg-1
 CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel
1.0.6 ...)
 	NOT-FOR-US: Sysbotz Systems Panel
 CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial
of ...)
@@ -17057,7 +16969,6 @@
 CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4
allow ...)
 	NOT-FOR-US: PHP GEN
 CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and
...)
-	- firefox <removed> (bug #349339)
 	- iceweasel <unfixed> (bug #349339)
 	NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more
 	- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339)
@@ -17170,7 +17081,6 @@
 	NOT-FOR-US: PunBB
 CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains
when ...)
 	NOTE: see CVE-2005-4684
-	- firefox <removed> (unimportant)
 	- iceweasel <unfixed> (unimportant)
 	- mozilla <unfixed> (unimportant)
 	[sarge] - mozilla <no-dsa> (Hardly exploitable)
@@ -17607,47 +17517,39 @@
 CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1,
Thunderbird ...)
 	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	- mozilla <not-affected> (E4X not implemented in Mozilla 1.7)
-	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
 	- thunderbird 1.5.0.2-1
 CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey
before ...)
 	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	- mozilla <not-affected> (Mozilla 1.7 is not affected)
-	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
 	- thunderbird 1.5.0.2-1
 CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird
1.5 if ...)
 	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	- mozilla <not-affected> (Mozilla 1.7 is not affected)
-	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
 	- thunderbird 1.5.0.2-1
 	- xulrunner 1.8.0.1-9
 CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before
1.5.0.1, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	- mozilla 2:1.7.13-0.1
 	- thunderbird 1.5.0.2-1
 CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in
mail, ...)
-	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-firefox <not-affected>
 	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
 	- thunderbird 1.5.0.2-1
 CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running
Javascript ...)
-	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
 	- mozilla-thunderbird <unfixed>
 	- thunderbird 1.5.0.2-1
 CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in
Firefox ...)
 	{DSA-1051-1 DSA-1046-1}
-	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- mozilla 2:1.7.13-0.1
 CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox
before ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-firefox 1.0.4-2sarge6
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- thunderbird 1.5.0.2-1
@@ -19410,7 +19312,6 @@
 	NOT-FOR-US: SimpleBBS
 CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before
...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
-	- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
 	- mozilla 2:1.7.13-0.1 (unimportant)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
 	NOTE: Not exploitable beyond a sluggish browser startup, see
@@ -20044,7 +19945,6 @@
 	NOTE: Not reproducible with konqueror 4:3.4.2-4.
 CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service
(CPU ...)
 	NOTE: maintainers don''t believe it is a security bug and
can''t reproduce after 1.5.dfsg-1
-	- firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
 	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
 	- mozilla <unfixed> (bug #340282; unimportant)
 CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0
...)
@@ -24887,7 +24787,6 @@
 CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5
allow ...)
 	NOT-FOR-US: Contrexx
 CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers
such as ...)
-	- firefox 1.5.dfsg-1 (unimportant)
 	- mozilla-firefox <unfixed> (bug #327549; unimportant)
 	- mozilla <unfixed> (bug #327550; unimportant)
 	- iceweasel <not-affected>
@@ -24959,7 +24858,6 @@
 CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and
...)
 	- mediawiki 1.4.9 (bug #276057)
 CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge
with the ...)
-	- firefox <removed> (bug #320539; unimportant)
 	- iceweasel <unfixed> (bug #320539; unimportant)
 	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
 	- mozilla <unfixed> (bug #320538; unimportant)
@@ -29430,7 +29328,6 @@
 	{DSA-1051-1 DSA-1046-1}
 	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
-	- firefox 1.5.dfsg+1.5.0.2-1
 	- thunderbird 1.5.0.2-1
 	- xulrunner 1.8.0.1-9
 CVE-2005-XXXX [Directory traversal in unzoo]
@@ -32350,7 +32247,6 @@
 	NOTE: hard disc, well than you have "DoSed" yourself,
congratulations.
 	NOTE: It''s reproducable with 1.0.2, but I doubt it will ever be
"fixed", as HTML parsers
 	NOTE: generally try to make sense of anything even remotely resembling HTML.
-	- firefox <removed> (unimportant)
 	- iceweasel <unfixed> (unimportant)
 	- mozilla <unfixed> (unimportant)
 CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to
execute ...)

Moritz Muehlenhoff

2007-Feb-14 01:16 UTC

head link

[Secure-testing-team] Re: [Secure-testing-commits] r5450 - data/CVE

On Tue, Feb 13, 2007 at 07:07:30PM +0100, Stefan Fritsch
wrote:> Author: stef-guest
> Date: 2007-02-13 19:07:27 +0100 (Tue, 13 Feb 2007)
> New Revision: 5450
> 
> Modified:
>    data/CVE/list
> Log:
> remove all traces of firefox (actually I think this is a bug in the
tracker)
I concur; we shouldn''t lose the security history of firefox. Florian,
please
fix so that we can revert r5450 afterwards.

Cheers,
        Moritz

Florian Weimer

2007-Feb-14 06:43 UTC

head link

[Secure-testing-team] Re: [Secure-testing-commits] r5450 - data/CVE

* Moritz Muehlenhoff:
>> remove all traces of firefox (actually I think this is a bug in the
tracker)
>
> I concur; we shouldn''t lose the security history of firefox.
Yes, this is in fact a bug, or rather a design defect.
> Florian, please fix so that we can revert r5450 afterwards.
If we want to preserve the ability to track by binary package name for
simple cases, I have to add a way to mark a non-existing package as a
source package.  I plan to parse data/packages/removed-packages for
this purpose.

Stefan Fritsch

2007-Feb-14 09:09 UTC

head link

[Secure-testing-team] Re: [Secure-testing-commits] r5450 - data/CVE

Hi,

On Wednesday 14 February 2007 06:42, Florian Weimer
wrote:> If we want to preserve the ability to track by binary package name
> for simple cases, I have to add a way to mark a non-existing
> package as a source package.  I plan to parse
> data/packages/removed-packages for this purpose.
Maybe it would be enough to treat any package with at least one 
<removed> entry as source package? Of course I have no idea which way 
is easier to implement...

Cheers,
Stefan

Florian Weimer

2007-Feb-18 18:52 UTC

head link

[Secure-testing-team] Re: [Secure-testing-commits] r5450 - data/CVE

* Stefan Fritsch:
> On Wednesday 14 February 2007 06:42, Florian Weimer wrote:
>> If we want to preserve the ability to track by binary package name
>> for simple cases, I have to add a way to mark a non-existing
>> package as a source package.  I plan to parse
>> data/packages/removed-packages for this purpose.
Turns out that this was already implemented.
> Maybe it would be enough to treat any package with at least one
> <removed> entry as source package?
Yeah, when I added removed-packages, we didn''t have <removed>
annotations.  I''ve added processing of the <removed> tags (and
removed
the code for removed-packages).  There''s still a corner cases where
we''d need a separate removed-packages file, but I don''t think
we will
run into it in the forseeable future.

Secure testing team - Feb 2007 - r5450 - data/CVE

[Secure-testing-commits] r5450 - data/CVE

[Secure-testing-team] Re: [Secure-testing-commits] r5450 - data/CVE

[Secure-testing-team] Re: [Secure-testing-commits] r5450 - data/CVE

[Secure-testing-team] Re: [Secure-testing-commits] r5450 - data/CVE

[Secure-testing-team] Re: [Secure-testing-commits] r5450 - data/CVE